(Updated) PowerPoint for the web: “Visualize this slide” skill in Copilot

🚨 The Signal: Copilot in PowerPoint for the web gains a 'Visualize this slide' skill, converting text to images using Anthropic or GPT-5.5 models. This expands AI-driven content generation, increasing potential for data exposure and prompt injection risks.

The Impact

Users with Copilot access are affected, increasing the risk of sensitive data exposure through AI processing and potential prompt injection.

• End users: Increased risk of inadvertently exposing sensitive data to AI models.
• Security teams: New vector for prompt injection attacks and data exfiltration.
• Data owners: Potential for data residency and compliance issues with AI model processing.

The Action

1. Review and update existing Copilot data interaction policies to specifically address generative AI content creation.
2. Educate users on responsible use of 'Visualize this slide' skill, emphasizing avoidance of sensitive data in prompts.
3. Monitor Copilot usage logs for unusual activity or large volumes of data processed by AI models.
4. Verify Anthropic model is disabled if tenant policy prohibits its use, via Microsoft 365 admin center.

Domain: Agentic-AI · Impact: high · Workload: M365 Apps